Mydex Proposes a Free-Market Solution to Privacy Worries

The European Commission is suggesting a regulatory approach to protect privacy.

Privacy concerns have yet again increased tension between the U.S. and the EU with Brussels’ call for ever more regulations. But a U.K. start up has come up with a free-market approach that could slash regulations and put the individual in control of their own data.

Mydex stands the privacy problem on its head. Rather than say what information companies and governments can store about you, you store the data and say what data companies and governments can access, or at the very least, know who is looking at it, and why.

“If you put together a system with user-centric identity, with the ability to gain external verification of your claims — that you have a degree, or driving license or credit or whatever it is — and powerful technologies for selective disclosure, then you can have the rise of the personal data store,” said William Heath, chairman of Mydex.

Mr. Heath is one of a growing band of “social entrepreneurs.” He is founder and chair of Ctrl-Shift Ltd; an adviser to Open Rights Group, FIPR and The Dextrous Web; and a Fellow of the Young Foundation. It seems right, somehow, that he arrived at our meeting by bicycle.

“The rise of volunteered personal information, will have huge cost benefits for organizations and save individuals huge amounts of time and will quickly lead to enormous entrepreneurial opportunities as people create a new wave of services on the side of the individual.”

Mydex is currently in trials with the U.K. Department for Work and Pensions, and three local councils; London Borough of Brent, London Borough of Croydon, Royal Borough of Windsor and Maidenhead.

While it may seem counterintuitive that distributing data instead of aggregating it will save money, consider the cost for councils and individuals for the upkeep of stale data.

“A typical local authority in the U.K. may have 11 personal records for each resident and keeping them up to date is time consuming and expensive. If you can create a mechanism by which individuals can keep them and correct the inaccuracies on a DIY basis and up to date, that saves time and money for the organization. What saves in the order of magnitude more money, is when the organization provides products and services on the back of clean data.”

The obvious concern in all of this is that it might well be in my interest to fill my personal data store up with a load of nonsense — that way the tax man, for example, might not know who I am.

How Mydex Is Run

Mydex is a Community Interest Company (CIC). The CIC legal form allows Mydex to be sustainable and requires it be run for community benefit.

“The characteristics of the community interest company are interesting and a bit counter-intuitive. It can take shareholders; it can borrow money, it can be entrepreneurial, it can change what it’s doing, and it can make a profit,” explained Mr. Heath, chairman of Mydex.

“But, it has to be highly transparent, the majority of its profits have to go back to serving its stated community service and it has a statutory asset-lock.

“We could never sell Mydex to Microsoft or Google or Paypal. It’s not shareholder-value play but it does have shareholders and if Mydex is very profitable they will be rewarded but they will just get a feed of a minority of profits.

“There is a very good reason for that and that is the difference about this way of working is the data belongs to the individual and the ownership maintenance and control of the data must belong to the individual and the crucial quality is trust. The individual has to be absolutely sure that there isn’t a hidden agenda.”

Mydex’s solution is to have a range of independent verifiers — organizations that are prepared, for a fee, to give the data differing levels of authentication. It could be something as simple as a phone company saying that their system shows that you live at a particular address — which is currently the sort of standard you need to buy a mobile phone — or it could be as authoritative as the Post Office saying a person showed up at a post office, produced their passport, and went through the Post Office’s biometric system.

“There is a trade off between the relying party that wants the proof — if they set the bar too high — like for example if you try and buy tea from Whittards they want a full registration process and you might say, why, do you need all this for me to buy a tea bag ?

“So the market will also say how high do you set the barrier — the relying parties will have to make that decision. What should they do to avoid risk? The verification services will also decide much of a business is there in providing authentication.”

For organizations like tax offices, it may be that no system is considered authoritative enough, in which case the taxman will continue as much as before. But the system does offer the potential, at least, for a different approach to our data.

“The honest answer to that is whatever system there is there will be some people who will try to game it for whatever reason and we don’t know all the ways that people will try the system. However, what this does is it creates a market-based incentive for increased honesty, because most of the time when most people are dealing with organizations they want to have an efficient, trustworthy transaction,” said Alan Mitchell, Mydex’s head of strategy.

Mydex is a very elegant solution to a very difficult, and expensive, problem. It has the added advantage of not being a regulatory solution. There are, of course, real issues with security and the ways that people may game the system. But at heart it has, for government, a very radical proposal — trust your citizens.

About Tech Europe

Tech Europe covers Europe’s technology leaders, their companies, and the people and industries that support them — and their ideas. The blog is edited by Ben Rooney, with contributions from The Wall Street Journal and Dow Jones Newswires.